Sign inTry Free

Control Plane Audit Logs

On this page

SingleStore identifies and logs the user actions in the Control Plane that can be used to track user activity. Logged Cloud Portal activities include, but are not limited to, the following:

Category

Event

Workspace

  • Create, resize, suspend, or delete a workspace

  • Detach a database from a workspace

  • Modify auto-suspend configuration of a workspace

  • Create or delete private connections to a workspace

Workspace group

  • Create or delete a workspace group

  • Add or update firewall rules for a workspace group

  • Update the password

  • Add RBAC rules at the workspace group level

  • Change the update window for a deployment

  • Create a database

Observability

  • Add, update, or remove an alert for the database operations

  • Add, update, or remove subscribers to the alert

Cloud Portal

  • Generate API keys

  • Add a user

  • Add a RBAC property at the organization level

  • Add a payment method

  • Change the database admin password

Team

  • Create, update, or delete a team

  • Add or delete members in a team

Authentication

  • User login events

  • Add, update, or delete a SCIM connection

Notebook

  • Create or delete a Notebook on the Cloud Portal

Access Control Plane Audit Logs

Use the AuditLogs path (/v1/auditLogs endpoint) in the Management API to access the Control Plane audit logs. For example:

curl -X 'GET' \
  'https://api.singlestore.com/v1/auditLogs' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <API_key>'

Refer to Management API Reference for more information.

Control Plane Audit Log Format

The Management API returns the Control Plane audit logs formatted as JSON records. For example:

{
  "nextToken": "2025-08-23T20:10:24.566869Z",
  "auditLogs": [
   {
      "orgID": "d4226b30-0000-1000-9000-e56cc36be262",
      "auditID": "9a189082-0000-1000-9000-d574adbbe889",
      "type": "WorkspaceGroupCreate",
      "source": "Portal",
      "createdAt": "2025-07-22T03:15:06.693055Z",
      "reason": "Workspace group (1baae325-0000-1000-9000-17b67a0af1ce) created in project (3c8d7c87-0000-1000-9000-feebd4f92dcf)",
      "userType": "Employee",
      "version": 0
    }
  ]}

Each Control Plane audit log entry may contain a subset of the fields listed in the following table:

Field

Description

userEmail

Email ID of the user that triggered this event.

userID

ID of the user that triggered this event.

userType

Type of the user that triggered this event. It can have one of the following values: Unspecified, System, Employee, Customer, Automation. Studio, CIAutomation, SharedTier, SNIProxy, NimbusGateway, or Cluster.

orgID

ID of the organization associated with this event.

auditID

ID of the audit log entry.

workspaceID

ID of the workspace associated with this event.

projectID

ID of the project associated with this event

sessionID

ID of the authorization session associated with this event.

teamID

ID of the team associated with this event.

type

Type of the audit log event. Refer to Audit Log Event Types for more information.

source

Source of the audit log entry. It can have one of the following values: Portal, Admin, or SystemJob.

createdAt

The timestamp (in the RFC3339Nano format) of when the audit log entry was created.

attributes

Additional keys and values specific to the audit log.

error

Error message, if any, related to this audit log entry.

reason

A description of the event.

firstName

First name of a redacted user.

lastName

Last name of a redacted user.

labels

List of audit-related keywords.

nextToken

Timestamp of the latest audit log entry.

If specified in the API call, the API only returns the audit log entries generated after the specified timestamp.

Control Plane Audit Log Event Types

The following is a list of logged event types for each category:

Category

Event Type

Notebook Management

  • NotebookCreate

  • NotebookDelete

Cluster Operations

  • ClusterCreate

  • ClusterTerminate

Workspace Management

  • WorkspaceGroupTerminate

  • WorkspaceTerminate

  • WorkspaceCreate

  • WorkspaceGroupCreate

  • WorkspaceScale

  • WorkspacePause

  • WorkspaceResume

  • WorkspaceGroupDelete

Alert Management

  • SubscribedAlert

  • UnsubscribedAlert

  • SubscriberAlertUpdated

User Management

  • InvitedNewUserToPortal

  • AddedNewUserToPortal

  • UserRemovedFromPortal

Team Management

  • TeamCreate

  • TeamUpdate

  • TeamDelete

  • TeamAddMember

  • TeamRemoveMember

Billing & Payment

  • NewPaymentMethod

  • NovaPoolBillingUpdate

  • ComputeOverageChange

  • BalanceCorrection

  • BalanceIncrease

  • SubscriptionBundleCreated

  • SubscriptionBundleDeleted

  • SubscriptionBundleUpdated

Security & Access

  • ChangeAdminDatabasePassword

  • GenerateAPIKey

  • WorkspaceGroupControlAccess

  • OrganizationControlAccess

  • SecretControlAccess

  • NovaAppControlAccess

  • NotifySAMLCertExpire

  • UpdateOAuthIntegrationAvailability

Maintenance & Config

  • MaintenanceWindowUpdate

  • AutoSuspendDisableOnResume

  • UpdateAutoSuspendConfiguration

Firewall Management

  • FirewallRuleAdded

  • FirewallRuleUpdate

Storage Management

  • BottomlessRetentionPeriodUpdate

Job Scheduling

  • CreateScheduledJob

  • ScheduledJobRemove

  • ScheduledJobUpdate

Database Operations

  • DatabaseCreated

  • DatabaseRemoved

  • DatabaseDetached

Network & Connectivity

  • PrivateConnectionCreated

  • PrivateConnectionDeleted

SCIM Integration

  • SCIMCreateConnection

  • SCIMUpdateConnection

  • SCIMDeleteConnection

Operations API

  • OpsAPIRequest

Encryption Management

  • CMEKScheduleDeletionAlert

Last modified: August 25, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK